676aea942a11ce91bc29388ca949fd2201682b63c13cf33327421d980e586e49 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

PTOTAC_WIN...58.exe

windows7-x64

7

PTOTAC_WIN...58.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

PTOTAC_WINCASIHD_17.50.58.exe.v
Size

45.9MB
Sample

241003-b3abesxhjj
MD5

cfd4bc5b3adfdb2716cc92f2d8a49784
SHA1

e3b777de2f0201155bac46c4a168a2aa787e72bb
SHA256

676aea942a11ce91bc29388ca949fd2201682b63c13cf33327421d980e586e49
SHA512

28be60febf0ea1d2fee656a80bbcdba2a5871244984cf81f243e3467481ba59db09f61c4ebba36c8d59c74ef524575831b72082eacf1988c15e1a0f6b46a31aa
SSDEEP

786432:8s4bQrCDby1pmxJ7hUwT0UVnnewa+tr2EKYknaKkwpleuvAyPBC3srYpJmGLrkoU:sGD1pmPAUVnnlpxmhdkw/cJmW/H0

Score

7^/10

discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PTOTAC_WINCASIHD_17.50.58.exe

Resource

win7-20240903-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

PTOTAC_WINCASIHD_17.50.58.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  PTOTAC_WINCASIHD_17.50.58.exe.v
- Size
  
  45.9MB
- MD5
  
  cfd4bc5b3adfdb2716cc92f2d8a49784
- SHA1
  
  e3b777de2f0201155bac46c4a168a2aa787e72bb
- SHA256
  
  676aea942a11ce91bc29388ca949fd2201682b63c13cf33327421d980e586e49
- SHA512
  
  28be60febf0ea1d2fee656a80bbcdba2a5871244984cf81f243e3467481ba59db09f61c4ebba36c8d59c74ef524575831b72082eacf1988c15e1a0f6b46a31aa
- SSDEEP
  
  786432:8s4bQrCDby1pmxJ7hUwT0UVnnewa+tr2EKYknaKkwpleuvAyPBC3srYpJmGLrkoU:sGD1pmPAUVnnlpxmhdkw/cJmW/H0
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy